It just occurred to me the other night, that for all those people debating MD5 vs crypt for shadow password lists... It's all pointless if you run samba, as samba uses standard NT encryption (with its brain-dead problem with the split keyspace) for the /etc/smbpasswd file. Forget /etc/shadow! /etc/smbpasswd is a lot more vulnerable and uses an encryption algorithm that is even less secure than crypt. My dual Xeon P11 450 can crunch every possible NT passwd hash in l0phtcrack in a few hours.....

Food for Thought....

Cheers
Peter Nixon

This isn't anything new of course. Like any centralized authentication system you need to protect the authentication servers. Stick 'em in a locked box and no user accounts. I think in general the need for user accounts on systems has dropped greatly, and if you need shell accounts for users you should create a completely separate box for it, considering the degree of risk involved. I can crunch an amazing number of passwords, crypt, md5 and blowfish, and easily hit the bottom few percent ("password", "l0ve", etc). It's all about risk management. You protect the passwords by hashing them. You protect that stored data with file permissions/etc.

P.S. if you're worried about the way the password is stored you should really be worried about how that password is transferred across the network. As an exercise for the reader: read the samba man pages, especially the SSL references.

-Kurt
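Both posts come down to two checks an administrator can automate: whether /etc/smbpasswd still stores the LM hash (the one with the split 7+7 keyspace Peter complains about) and whether the file's permissions actually protect it, as Kurt suggests. The script below is an added example written for this thread, not code from either poster or from the Samba project. It assumes the documented smbpasswd(5) line layout (`user:uid:LM_HASH:NT_HASH:[flags]:LCT-time:`), that Samba writes 32 `X` characters when the LM hash is disabled and a `NO PASSWORD` prefix for passwordless accounts, and uses constructed placeholder hex strings in place of real hashes.

```python
"""Audit an smbpasswd-format file for weak storage choices (added example)."""
import os
import stat
import tempfile

# Constructed sample in smbpasswd(5) layout. The hex strings are placeholders,
# not real LM/NT hashes; they only need to look like 32-hex-digit fields.
SAMPLE = """# Samba SMB password file (constructed example)
alice:1001:0123456789ABCDEF0123456789ABCDEF:FEDCBA9876543210FEDCBA9876543210:[U          ]:LCT-3B6F7D30:
bob:1002:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:FEDCBA9876543210FEDCBA9876543210:[U          ]:LCT-3B6F7D30:
svc:1003:NO PASSWORDXXXXXXXXXXXXXXXXXXXXX:NO PASSWORDXXXXXXXXXXXXXXXXXXXXX:[NU         ]:LCT-3B6F7D30:
"""


def parse_smbpasswd(text):
    """Split each non-comment line into its colon-separated fields."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 4:
            continue  # malformed line; skip rather than guess
        entries.append({
            "user": fields[0],
            "uid": fields[1],
            "lm": fields[2],
            "nt": fields[3],
            "flags": fields[4] if len(fields) > 4 else "",
        })
    return entries


def lm_hash_present(lm_field):
    """True when a real LM hash is stored (assumed conventions: 32 'X' means
    LM disabled, 'NO PASSWORD' prefix means passwordless account)."""
    if lm_field.startswith("NO PASSWORD"):
        return False
    return set(lm_field) != {"X"}


def audit_entries(entries):
    """Return (user, finding) pairs for risky per-account storage."""
    findings = []
    for e in entries:
        if lm_hash_present(e["lm"]):
            findings.append((e["user"],
                             "LM hash stored: two independent 7-char, case-folded DES halves; "
                             "store the NT hash only"))
        if e["nt"].startswith("NO PASSWORD") or "N" in e["flags"]:
            findings.append((e["user"], "account has no password ('N' flag / NO PASSWORD)"))
    return findings


def audit_file_mode(path):
    """Flag the file if anyone but the owner can read it."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        return [f"{path}: readable by group/other (mode {oct(mode)}); expected 0600, owner root"]
    return []


def audit_smbpasswd(path):
    """Combine the file-permission and per-entry checks for one file."""
    with open(path, encoding="utf-8") as fh:
        entries = parse_smbpasswd(fh.read())
    findings = audit_file_mode(path)
    findings += [f"{user}: {msg}" for user, msg in audit_entries(entries)]
    return findings


def write_sample(mode):
    """Write SAMPLE to a temp file with the given permission bits; return its path."""
    fd, path = tempfile.mkstemp(prefix="smbpasswd-")
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write(SAMPLE)
    os.chmod(path, mode)
    return path


if __name__ == "__main__":
    sample_path = write_sample(0o644)  # deliberately too permissive
    for finding in audit_smbpasswd(sample_path):
        print(finding)
    os.unlink(sample_path)
```

Run it against a real file with `audit_smbpasswd("/etc/smbpasswd")` as root. On the constructed sample it reports the world-readable mode, alice's stored LM hash, and svc's passwordless account; bob, with the LM field disabled, produces no finding.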